{"id":2790,"date":"2017-11-13T13:26:17","date_gmt":"2017-11-13T12:26:17","guid":{"rendered":"https:\/\/kudzia.eu\/b\/?p=2790"},"modified":"2017-11-13T13:29:29","modified_gmt":"2017-11-13T12:29:29","slug":"firewall-entries-needed-for-active-ftp-connections-for-linux-hosts-running-recent-kernels","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2017\/11\/firewall-entries-needed-for-active-ftp-connections-for-linux-hosts-running-recent-kernels\/","title":{"rendered":"firewall entries needed for active FTP connections for linux hosts running recent kernels"},"content":{"rendered":"<p>after upgrade to debian stretch i had to add the following firewall entries:<\/p>\n<p>for the FTP servers:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\niptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp\r\n<\/pre>\n<p>for the nat-routers between FTP servers and FTP clients:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\niptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp\r\n<\/pre>\n<p>for the FTP clients:<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\niptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp\r\n<\/pre>\n<p>related articles:<\/p>\n<ul>\n<li><a href=\"https:\/\/home.regit.org\/netfilter-en\/secure-use-of-helpers\/\">https:\/\/home.regit.org\/netfilter-en\/secure-use-of-helpers\/<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>after upgrade to debian stretch i had to add the following firewall entries: for the FTP servers: iptables -t raw -A PREROUTING -p tcp &#8211;dport 21 -j CT &#8211;helper ftp for the nat-routers between FTP servers and FTP clients: iptables -t raw -A PREROUTING -p tcp &#8211;dport 21 -j CT &#8211;helper ftp for the FTP [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,51],"tags":[47],"class_list":["post-2790","post","type-post","status-publish","format-standard","hentry","category-uncategorized","category-unimportant","tag-linux-networking"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=2790"}],"version-history":[{"count":4,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2790\/revisions"}],"predecessor-version":[{"id":2794,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/2790\/revisions\/2794"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=2790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=2790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=2790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}